hacking

Latest

  • Researchers claim GSM calls can be hacked on the cheap

    by Joshua Topolsky
    02.21.2008

    Callers, your worst nightmare is coming true... maybe. According to a report, a group of hackers at the Black Hat conference in Washington D.C. claim that they're able to hack GSM calls with equipment costing about $1,000. If you believe the team (and we're inclined to at least have a listen), they can decrypt GSM phone conversations and text messages on a network using inexpensive tools called field programmable gate arrays. Until now, the cost of the technology required to hack GSM transmissions has been prohibitively expensive for all but your government and large-scale snooping operations, but that's beginning to change. Not only can this technique allow access to calls, but some of the tech demonstrated at the conference might also enable a user to pinpoint a phone's distance from the surveillance hardware, and find out what type of device is being used. There was no mention of CDMA hacking, so you might want to move over to Sprint for all your seedy activities. Er, we mean stay on Sprint.

  • PSA: Super Duper Tuesday voting machines could be at risk

    by Joshua Topolsky
    02.05.2008

    Attention voters: if you're casting your ballot for a special someone on this Super Duper Tuesday, you might want to hear what the folks over at Common Cause have to say. The nonpartisan, nonprofit voting machine watchdog wants you to know that six out of the 24 states involved in the presidential primaries today are using voting machines that are at "high risk" for malfunction or tampering. In all, 17 states have some risk factor -- based on the advocacy group's rating system -- though the machines in Arkansas, Delaware, Georgia, New Jersey, New York, and Tennessee are the most likely to give the votes to Darth Vader, Dr. Evil, or Lord Voldemort. You have been warned.

  • Teen hacks tram system, derails trains

    by Evan Blass
    01.11.2008

    In yet another "innocent prank" that turned out to have very real-world effects, a 14-year-old Polish boy has admitted to modifying a TV remote in order to manipulate the junction-switching devices on the Lodz tram system, resulting in four derailed trains and 12 injuries. According to reports, the teenager snuck onto tracks to study the switching mechanisms, and used the resulting knowledge to re-direct trains "like any other schoolboy might a giant train set," as a police spokesman put it. The young man now faces charges in juvenile court for endangering public safety.

  • FAA warns of Boeing 787 hacker vulnerability

    by Paul Miller
    01.06.2008

    Boeing's still in the final stages of production on its 787 Dreamliner mid-sized jet, but the FAA has already spotted what looks to be a serious security vulnerability in the plane's IT infrastructure. Apparently the computers that provide the 787's passenger area with in-flight internet access and other amenities are physically networked with the main plane computers, including control, navigation and communication systems, which could theoretically provide a path for a hacker to screw with the plane, and even go as far as take full control of the 787. Boeing says that it's aware of the issue and is prepping a solution that will be tested shortly, but we're not sure what sort of "solution" can beat separating the two systems entirely -- which seems like what should've been done in the first place. Boeing has more than 800 advance orders for the plane, and should start delivering in November of 2008, but the FAA is requiring that the company demonstrate a fix for this issue before the planes hit the skies.

  • Now that the Wii's been hacked, what's next?

    by Candace Savino
    12.31.2007

    Remember those dudes that hacked the Wii? Brushing, the guy who presented the exploit at 24C3, was recently interviewed about his future plans for the system. The natural first step, according to him, is to implement a version of SDLoad for the Wii. Then, once that's out of the way, he would like to see a Linux Channel for the console. Still, Brushing notes that it will probably take a while before he and the groups he worked with are able to reach these goals. Also, if you're worried about this development opening the floodgates for piracy on the Wii, don't be. Brushing seems hesitant, at least for the time being, to release the hacked information and keys to the public. To read the full interview with the author of the Wii exploit, go here. [Thanks, Craig!]

  • Hackers get into Wii, hunt for Angelina Jolie begins

    by David Hinkle
    12.28.2007

    It would seem that the hacking community has finally cracked the Wii, as they've figured out a way to get code up and running on the console. It's a feat that hasn't been performed before and was accomplished after many Bothans people sacrificed time and energy to complete this task. See, inside of the Wii, the Hollywood chip doesn't just handle graphics, it's got a whole lot to do with authentication (you know, to make sure you've got a valid Wii or GC game disc in there). Well, these hackers have found out that upon booting up a GameCube game, this chip will turn off all of the cool Wii functionality (bluetooth, USB, etc.) and restrict the area of memory you're allowed to access. But, there isn't any kind of encryption dealing with the memory, so this is where the folks knew they should focus. Now, the next part gets too technical for us, but just know that they found a way to get these authentication codes from the memory and trick the Wii into believing it was loading a Wii game (in this case, Lego Star Wars). This then allowed them to load their own code into the Wii. Judging by the clapping in the video, it's a pretty big deal and means that homebrew on the Wii is that much closer to being a reality. Oh, and if you don't get the Angelina Jolie reference, head past the break.

  • NYC taxis simply running mapping app over unsecured Windows

    by Nilay Patel
    12.21.2007

    It's always interesting when electronic billboards, kiosks, and other installations go haywire and show you the dark heart of Windows lurking underneath, but it's even more fun when you can actually start poking around -- and it looks like there's a fair bit of poking to do in all those NYC taxis with backseat screens. According to Billy Chasen, dismissing the error message will allow you to get to the Start menu, from which it's trivial to run the Windows Connection Wizard, set up the Sprint broadband card, and start surfing away. Billy could also browse the filesystem -- which may or may not contain credit card data -- and it looks like he even had enough access to install any software he could find online. Hmmm, looks like there's 1000 experience points waiting here for the first person to send in a photo of Engadget on one of these screens -- with a 5000 point bonus if it's in Firefox.

  • Colorado voting machines don't make the grade

    by Joshua Topolsky
    12.20.2007

    In a terrifically unsurprising blow to electronic voting fans everywhere, Colorado's Secretary of State has declared the machines unreliable -- and apparently in need of a software patch. While not as harsh as some rulings on the systems, Secretary Mike Coffman decertified three out of four machines which had been tested. Why the bad grade? Apparently the machines failed on accuracy and security, two sort-of-crucial components to dependable voting solutions, and two components which have been lacking in many systems. Coffman believes Colorado's findings could have a larger impact, stating, "What we have found is that the federal certification process is inadequate." Clearly another blow for the Diebolds (er, we mean Premier Election Solutions) of the world, but hopefully a sign that we can expect tough love for suspect voting machines.

  • NPR on Mac hacking-- a little FUD, a little fact

    by Mike Schramm
    12.18.2007

    NPR hits up the issue of Mac hacking (the bad malware kind, not the good kind), and suggests that Macs are supposedly becoming a bigger target for exploitative folk. While this is a topic that could easily (and does often) degenerate into complete misinformation and FUD, NPR basically acknowledges that Macs are showing up in more and more places (and that includes the iPhone, where even Apple is concerned about security), and that means that they're becoming a juicier target for malware developers. Fortunately, however, a familiar voice shows up later in the report (dig those dulcet tones!) to remind everyone that throughout five iterations of OS X, the malware problems have been hard to find. Malware developers may be trying, but it ain't working. Of course, we can't let this go without noting that this story was inspired in the first place by a PR report released by... you guessed it: an antivirus company. The people who profit off of programs that supposedly prevent malware are claiming that malware is a bigger threat than ever before? Go figure.

  • Estimating the Jailbreak population for iPhone and iPod touch

    by Erica Sadun
    12.07.2007

    iPhone Atlas posts that AppSnapp, the 1.1.1 jailbreak site, has been used more than 1 million times. Now, of course, that does not mean that there are more than 1 million jailbroken iPhones and iPod touches out there, it just means that the procedure has been run that many times. I know that my two units account for at least a dozen uses of the site but I'm guessing that I'm at the high end of per-unit applications of the exploit. For some additional numbers on jailbreak penetration, turn to Shaun Erickson's blog. Shaun runs STE Packaging, one of the two main iPhone software repositories. His top 25 downloads list is headed by OpenSSH, with almost a half million downloads, and Apollo IM with 350,000. Multiple downloads (an important consideration after firmware upgrades and system restores) may be offset by the fact that not every user downloads every package. It looks like it's fairly safe to say that several hundred thousand units have been jailbroken and are running third party applications. The AppSnapp site suggests even higher numbers. Since the exploit is limited to the 1.1.1 firmware, it eliminates having to account for re-downloads due to firmware upgrades. Thanks Drudge

  • Shocker: wireless keylogging is quite easy

    by Evan Blass
    12.03.2007

    Well, as usual, with the benefits of wireless technology come detriments in the form of security holes, and now a pair of researchers from Dreamlab have proven just how easy it is to sniff out the transmissions broadcast by RF keyboards. According to their whitepaper, "27MHz keyboard insecurities," Max Moser and Philipp Schrödel claim that keystroke signals sent from Microsoft's Wireless Optical Desktop 1000 and 2000 are encrypted with a simple one-byte offset cipher -- meaning that there are only 256 possible keys, with fewer than 50 sample strokes needed for decryption. And in case you thought you were safe with a non-Microsoft board, think again: Team Dreamlab is busy hacking Logitech's "Secure Connect" protocol as we speak. [Warning: PDF link] [Via Hack-A-Day]

  • The Mindstorms NXT gramophone, or, If Edison played with LEGOs

    by Evan Blass
    11.22.2007

    Lying somewhere between the roboflusher and LEGO car-producing LEGO factory on the practicality scale, José Pino's Mindstorms NXT gramophone brings together all the fun and tinny sound of this antiquated music system with today's modern DIY sensibilities. Using little more than an off-the-shelf NXT kit running at 25% power, and, um, a fast food beverage cup, Pino was able to rig together a very basic platform for spinning his vinyl, although scratching is probably not recommended on this rather delicate setup. Keep reading for a quick video walkthrough accompanied by those old-timey tunes so popular among today's seniors. [Via Hacked Gadgets]

  • How to sync an iPhone over WiFi without iTunes

    by Nilay Patel
    11.21.2007

    Now that the Zune has upped the ante by including WiFi syncing out of the box, it looks like owners of other devices are starting to rig up solutions of their own -- and the iPhone setup developed by eddanx seems to come closest to the ease of the Zune. The system relies on the WinAmp plugin ml_ipod, which supports syncing to shared folders, and requires a jailbroken iPhone and a little SSH / SFTP softshoe. Of course, by giving up iTunes, you give up contact, calendar, movie, and phone syncing as well, but who cares -- you're wireless now, baby. Check the read link for the full instructions. PS: We'd imagine this would also work on an iPod touch -- anyone care to try?

  • Debunk: Yes, Virginia, the iPhone libtiff exploit can also be used for mischief

    by Nilay Patel
    11.16.2007

    We're not really certain why anyone's surprised by the iPhone libtiff exploit at this point -- it's the entire basis of the 1.1.1 jailbreak, after all -- but apparently Fast Company didn't get the memo, because it just posted up this video of "self-employed security consultant" Rik Farrow using the 'sploit to surreptitiously install a voice recorder on an unpatched 1.1.1 iPhone. That would have been huge news when the iPhone first came out, obviously (and look at that -- it was) but FC and Rik are a little late, here: the libtiff exploit has already been patched, first by the Jailbreakme 1.1.1 web-jailbreak and then by Apple in the 1.1.2 update. There's no doubt that it's a serious vulnerability -- and Rik's confidently paranoid tone in this video makes it a must-watch -- but it's funny to see people get all worked up over a patched security hole hackers have been exploiting on a variety of devices for some time now.

  • How to tweak the Leopard Dock's color

    by Mike Schramm
    10.30.2007

    Earlier, I posted about how you can revert those new lights in Leopard's Dock back to Tiger's old triangles (and I can't say I was too surprised to find out that most of you didn't want to revert anything-- do what feels right, man), and I said that the next thing to go would be Leopard's shiny Dock-top. And now, here we go-- Something Awful's echobucket has apparently found the files that need to be changed to edit the look of the dock. As with the triangles, the Dock elements have a few sizes to them, so replace the "scruve-x.png" files (where x is "l," "m," "sm," or "xl") in the Dock package's /Contents/Resources folder (make sure to back up the original files just in case, too), and then type "killall Dock" in the Terminal to restart it, and bingo, a slightly less bright dock. In fact, just by changing the color of those pictures, you can change the color of the Dock itself (here's an orange dock on a black background for Halloween, via Digg commenter HacKing). It can't be too long before some enterprising programmer figures out how to put all of this inside an easy-to-use app, but here's the real question: if it's all this easy, why didn't Apple offer us this kind of customization ourselves? Sure, when you hand the paintbrushes to the people, things can get ugly, but they can also get much more beautiful, too. [via Digg]

  • Woz raps on Apple for lower ideals, locked iPhone, less innovative UI

    by Conrad Quilty-Harper
    10.29.2007

    Joining a growing crowd of people to complain about the general lack of openness in the iPhone is none other than Steve Wozniak, co-founder of the company. Woz has a reputation for being critical of the company he helped create, although no-one would argue that his views are unreasonable: in an interview he calls into question Apple's treatment of the iPhone as an appliance, and not as a computer platform designed to allow users to install their own apps at will ("I'm really for the unlockers, the rebels trying to make it free.") He also took a dig at Leopard, saying that OSes aren't what sell computers these days, and that OS updates today are nothing more than slow improvements, rather than a procession towards a UI that works "for someone who knows nothing about the computer." Personally, we think these are fair viewpoints: as much as we may hate to say it, a lot of new technology these days requires a compromise. Isn't it about time compromise took a back seat? [Thanks, Jame]

  • Instant Jailbreak for iPhone and iPod touch

    by Erica Sadun
    10.29.2007

    A crew of hackers (including hdm/metasploit, rezn, dinopio, drudge, kroo, pumpkin, davidc, dunham, and NerveGas) have introduced a one-touch instant jailbreak for both iPhone and iPod touch. The jailbreak opens your iPhone for full disk access and installs Installer.app so you can add pretty much any third party application you like. To use it, open Safari and point your browser to jailbreakme.com (which we aren't linking to so folks won't install this by accident, but you are prompted to confirm). Once there, read the directions, scroll to the bottom, and tap Install AppSnapp. If Safari disappears and you return to the main Home screen, you're good. Just wait a minute more for your unit to restart--don't touch anything until you see the slide to unlock screen. If Safari hangs, just quit out (press and hold Home for 4-8 seconds) and try again. Once you get to slide-to-unlock, go ahead and unlock your iPhone or iPod touch. You'll return to your home screen which will contain a new Installer.app icon. If you want to ssh into your unit, install the BSD subsystem, Community Sources, and then install Open SSH--you may need to upgrade Installer.app (thanks Ste). With Open SSH and sshfs (part of Mac Fuse), you can open Finder windows that offer direct drag and drop access to your phone or touch. The jailbreak really is as easy as it sounds. I restored my iPod touch and jailbroke it just a few minutes ago and it worked great. UPDATE: Please try to do this using WiFi rather than EDGE. Success rates are much higher!

  • iPhone 101: Hacks Vocabulary Primer

    by Erica Sadun
    10.11.2007

    We here at TUAW are always on the lookout to help you, our dear readers, understand what is going on in the crazy world of Apple related technology. The biggest news, as of late, has been the continued efforts to hack the iPhone. A rich language has developed around the iPhone hacking community, and we thought it might be time for a primer of sorts. Never again will you confuse your jailbreaking with your bricking.

    Jail. The public areas of the iPhone or iPod to which, by default, Apple allows read/write access via USB. In Unix terms, this refers to the /private/var/root/Media folder.

    Jailbreak. The iPhone and iPod touch hacks that allow users to gain access to the entire Unix filesystem. In Unix terms, this refers to changing the root of the directory tree to /.

    Activation. The process that allows you to move beyond any of the various screens that instruct you to connect your device to iTunes before it can be used. On the iPhone, you can only make emergency calls until your iPhone is activated.

    Bricking. To render an iPhone or iPod touch inoperable. The 1.1.1 firmware update turned many iPhones into iBricks. Users could not reactivate their iPhone to get past their "Please connect to iTunes" screens. Although the phones could still be used for emergency calls, users were locked out from all normal iPhone operations.

    File system. The way your iPhone or iPod touch uses its memory to store data and applications. The iPhone and iPod touch use two "disks": a smaller private file system that contains the operating system and a larger public one that contains your media (songs, videos, etc), preferences, and data.

  • iPhone v1.1.1 firmware gets the Jailbreak treatment

    by Joshua Topolsky
    10.08.2007

    For all you fanatics on the edge of your seat over the iPhone v1.1.1 hacking situation, there's some good news on the horizon. According to Erica Sadun -- one of the soldiers heading up the fight to break Apple's stranglehold -- the iPhone / iPod touch dev team have indeed managed to Jailbreak the new update. Apparently, the general-use tool hasn't made a showing yet, but baby steps have been taken, and the goods are sure to follow. So what can you expect? Third party apps are working, but will probably need to be recompiled due to the new frameworks, Springboard won't recognize DisplayOrder.plist (included apps now seem to be hard-coded into the Springboard app), you can activate the phone with third-party workarounds, and the Mobile Terminal and BSD suite work, as well as ARM-compiled command-line utilities. Of very interesting note: Erica says that the new firmware references both Nike and a radio, and that the devs are taking up a fund to buy a cake and deliver it to Apple, courtesy of "the Crazy Ones." She says the Jailbreak isn't "ready for prime time," and based on this info we tend to agree, but if you really want the full scoop, truck over to TUAW and check out the info for yourself.

  • The eye of Apple is watching, issuing takedowns

    by Joshua Topolsky
    09.26.2007

    It's beginning to look as though Apple's kinda-sorta "hands off" approach to iPhone hackers turns a bit more "hands on" when it comes to the iPod touch. According to reports, a hacker named "Martyn" had gotten a broken touch, which he was planning to dump the NAND data from so that efforts to create 3rd party applications for the device could be sped up. Apparently, while uploading the data to a private folder on his site, his ISP showed up on the scene and killed the transfer... all at the request of Apple, who (rightfully so) let them know that sharing the code was a copyright infringement. Of course, the interesting news here is that Apple seems to be very actively monitoring channels where all this warranty-voiding software manipulation is being planned and discussed. So next time you're going to reverse engineer one of its products -- keep it quiet.